PRIVACY POLICY

HARVEY NICHOLS

Privacy Policy

Last Updated [27th November 2019]

This privacy policy (“Privacy Policy”) applies to processing of personal data in connection with the Harvey Nichols website at https://www.harveynichols.com and our Android and iOS rewards apps ( Rewards by Harvey Nichols) (the “Sites”), and all of the services that we offer, including from our stores and restaurants (“ Stores”) and the Sites (“Services”). We respect the privacy of every person who visits our Sites and our Stores or who uses our Services, and we are committed to ensuring a safe online experience for all.

1 Purpose of this Policy

This Privacy Policy explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal data. This Privacy Policy also sets out your rights in respect of our processing of your personal data. For more information

This Privacy Policy will inform you of the nature of the personal data about you that is processed by us and how you can request that we delete, update, transfer it and/or provide you with access to it.

This Privacy Policy is intended to assist you in making informed decisions when using the Sites and our Services. Please take a moment to read and understand it. Please also read it in conjunction with our Website Terms of Use

Please also note that this Privacy Policy only applies to the use of your personal data obtained by us, it does not apply to your personal data collected during your communications with third parties.

2 About us

The Sites and our Services are made available by various companies in the Harvey Nichols group of companies, including our third party licensee, Harvey Nichols (Hong Kong) Limited (each a “Group Company ”).

Where this Privacy Policy refers to "Harvey Nichols", “ we”, "us” or “our”, this means one or more of the particular Group Companies that provide the particular Site or Service to you. For more information about our Group Companies, including their respective roles and responsibilities

Except as stated otherwise, each Group Company is an independent controller of your personal data.

United Kingdom

  • Harvey Nichols.Com Limited (company no: 03869510) is responsible for:
      • making the Sites available to you;
      • fulfilling orders made via the Sites on behalf of other Group Companies, including our Group Companies located outside the United Kingdom including on behalf of Harvey Nichols (Hong Kong) Limited
      • performing marketing activities on behalf of other Group Companies;
      • providing you with the information set out in this Privacy Policy; and
      • giving effect to your individual rights on behalf of other Group Companies.
  • Harvey Nichols and Company Limited (company no: 01774537) operates the Harvey Nichols store in Knightsbridge.

Other Group Company controllers of your personal information located in the United Kingdom are:

  • Harvey Nichols Restaurants Limited (company no: 03114510) which operates the stand-alone restaurant in London;
  • Harvey Nichols Beauty Bazaar Limited (company no: 07855506), which operates the Beauty Bazaar store in Liverpool;
  • Harvey Nichols (Own Brand) Stores Ltd (company no: 04079425), which operates the Harvey Nichols stores in Birmingham and Bristol; and
  • Harvey Nichols Regional Stores Limited (company no: 04351230), which operates the Harvey Nichols stores in Edinburgh, Manchester and Leeds.
  • Harvey Nichols Pension Scheme, which administers the Defined Benefit Scheme of the Harvey Nichols Group.

Each of these UK Group Companies is established under the laws of England and has its registered office at 361-365 Chiswick High Road, London, W4 4HS.

Republic of Ireland

  • Harvey Nichols (Dublin) Limited (company no: 388458) operates our Store in Dublin, which is a established under the laws of the Republic of Ireland with its registered office at Dundrum Town Centre, Sandyford Road, Dublin 16, D16 W0C0, Ireland

Hong Kong

Our third-party licensee, Harvey Nichols (Hong Kong) Limited, is a joint controller of your personal data with Harvey Nichols.Com Limited.

Harvey Nichols (Hong Kong) Limited (company no: 0224937) operates our Site in Hong Kong. It is a company established under the laws of Hong Kong with its registered office at 4/F, East Ocean Centre, 98 Granville Road, Tsim Sha Tsui East, Kwoloon, Hong Kong.

3 How to contact us

If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, you can contact us by:

4 What personal data we collect and how we use it

We use your personal data for the following purposes:

Fulfilment of our Services. For more information

We collect and maintain personal data that you submit to us for the purposes of supplying Services (including goods that you have ordered) that you have requested from us via our Sites or in our Stores. We may collect and process your personal data whether you are interacting with us, on your own behalf or on behalf of any organisation that you represent.

The personal data we process may include your name and contact information (such as email address, postal address and telephone number) and your payment information (where applicable). We process this information so that we can fulfil the supply of the Services, maintain our user databases and to keep a record of how our Services are being used.

If you attend one of our Stores, we will process personal data about you which you volunteer in connection with the purpose of your visit and any enquiries you may have. Some Services we offer are also subject to separate terms and conditions which will apply to your use of such Services.

We also have security measures in place at our Stores, including CCTV. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

Who do we share your personal data with for this purpose?

We will share your personal data with the following categories of third parties:

  • Credit card companies and other payment providers – to help us process payments and refunds;
  • Delivery and courier companies – to deliver products and process returns;
  • Third party IT service providers – to provide and help us run, manage and backup our internal IT systems. Such third parties may include, for example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.
  • Cross-border solution provider – to fulfil international orders and facilitate customer enquiries.
  • Tax-free service providers and HM Revenue & Customs – in relation to tax free rebates;
  • Marketplace companies – to fulfil customer orders
  • Concierge service providers – to enable us to provide the Services.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

Use of our Sites (including our App). For more information

We collect and maintain personal data that you submit to us during your use of our Sites in the following ways:

o Registering and accessing your member’s accounts. For more information

Our Sites and Services, including Rewards by Harvey Nichols, may enable or require you to register a member’s account with us in order to gain access to additional features and receive exclusive member offers. We will ask all prospective applicants to complete the registration form, providing a username, email address and password and may ask for other identifiers, including applicant’s physical address, telephone number and date of birth.

We will use your personal data in order to process your application for a member’s account. Once you are registered, we will process your username and password to identify you when you log into your account and the secure areas of our Sites. We will also process your login information so that we can administer your account with us and contact you about your account.

Your access to and use of our Sites, including any secure member’s area, is subject at all times to our Terms of Use.

Who do we share your personal data with for this purpose?

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites section for further details.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

o Linking to social media sites. For more information

If you click on one of the social media links on our Sites or otherwise interact with our social media accounts such as Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Sites or social media accounts), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Site and services from the Site to you and others in an effective and efficient way.

Who we share your personal data with for this purpose

Except with the relevant social media platform, we will not share your personal data with any third parties for this purpose. Please note Harvey Nichols is not responsible for the use of your personal data by the relevant social media platform. Please see the privacy notice of the relevant social media platform for further information about how and why they collect and use your personal data.

o To ensure that our Rewards by Harvey Nichols app functions properly and to provide you with in-app features. For more information

When using our Rewards by Harvey Nichols app, in order to ensure that the app can operate and provide its features to you, the provider of your phone may collect technical data. The data is automatically collected and transmitted to us from your mobile device during your use of the app and may include: (i) device name (e.g. “Apple iPhone 8” or “Samsung Galaxy S9”); (ii) operating system and version; (iii) system language; (iv) general device data, such as voice and regional settings; (v) IP address of the terminal; (vi) date and time of use; and (vii) application ID to identify your installation of the app (“Usage Data”).

To improve our service, our app may send error messages to us in the event of a crash (e.g. after the app has unexpectedly quit because of a program error or has stopped responding to your input). The error messages contain the above Usage Data, as well as information about which part of the app’s software code has caused the error.

When you open our Rewards by Harvey Nichols app for the first time, you will be asked if the app is allowed to send push notifications. If you allow this feature, we will send you push notifications, for example, to provide you with details of rewards that are available to you. Such push notifications are controlled by the software components of your operating system (so-called “tokens”). You can configure and turn our push notifications off via your device settings at any time. [You can also select the exact notifications you would like to receive via the in-app settings].

If you permit location settings via the app, you will be asked if the app is allowed to access your location. If you allow this feature, we will determine your location to provide you with site-specific functions of the app, such as showing you Stores that are close to you. You can configure and turn off location settings via your device settings at any time.

If other features of the app require access to your camera or photo and videos, you will be asked if you want to use this function and provide such access before using it for the first time. If you allow any such function, you can use the corresponding function to perform the desired action on the app, such as barcode scanning. You can enable or disable access to these functions at any time via your device settings.

Who do we share your personal data with for this purpose?

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites” section for further details.

Our legal basis for processing

It is in our legitimate interests to use the Usage Data and send error messages (if applicable) in such a way in order to secure the Rewards by Harvey Nichols app’s functionality, detect errors, resolve them, and to help us to detect and prevent cyberattacks.

We rely on consent where you have enabled features such as push notifications, location, camera, or photo and video upload functions, as it will be your choice to receive such notification or allow us access to this information.

Your enquiries to and/or purchases from in-store concessionaires. For more information

Where you enquire about or purchase the products and services offered by third party concessionaires in our Stores, the concessionaire may collect personal data about you directly for their own purposes. We are not responsible for such collection and processing of your personal data by concessionaires, which is the legal responsibility of the applicable concessionaire . To find out more about how and why a concessionaire processes your personal data, please see the privacy policy of the relevant concessionaire.

We sometimes obtain information about you or your purchases from concessionaires and other third parties.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

Hosting and managing events. For more information

From time to time, we may organise customer events for the purpose of for example, instore promotions, brand/department launches. We may process your name and contact information (including email address, postal address and telephone number) to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you.

If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may be published.

Who do we share your personal data with for this purpose?

When we run events, we will share your personal data with third-party services providers that are assisting us with the operation and administration of that event.

If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event. We are not responsible for the third party’s use of your personal data. To find out more about how and why the third party processes your personal data, please see the privacy policy of the relevant third party.

Our legal basis for processing

It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services requested by you and others in an effective and efficient way.

Customer service and general enquiries. For more information .

Our Sites feature a “Contact Us” page which invites you to submit general enquiries about our Sites and our Services by email telephone or post.

When you make an enquiry, we will collect and process your name, contact information (including email address, physical address and/or telephone number) and any other personal data you volunteer that is relevant to your enquiry. We use this information to manage and respond to your enquiries and requests.

We also record (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries.

Who do we share your personal data with for this purpose?

We will share your personal data with third party organisations that provide applications/functionality, data processing and/or IT services. Please see the “Fulfilment of our Services, including use of our Sites ” section for further details.

Our legal basis for processing

It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.

Surveys and feedback. For more information

From time to we will contact you to invite you to provide feedback about us or our Sites and Services in the form of online, postal or in-Store surveys. We will collect and process your name and contact details (including email address, postal address and telephone number, as applicable) and any other personal data you choose to volunteer in your survey response or other feedback.

Where we market to you via email (where we have a lawful right to do so), we will maintain an online panel containing your contact details which we will use for this purpose. Where we do not have a right to market to you via email, you may still be contacted for this purpose.

We use the information that we collect via surveys to help us improve the quality of service provided by our personnel. We also use other feedback that you provide to us to monitor and improve the quality of our Sites, our Stores and our Services and to assist with the selection of future product and service lines and the training of our personnel.

You can also voluntarily provide feedback by contacting our Customer Service team. Please see “Customer service and general enquiries ” for more information.

Who we share your personal data with for this purpose

We use third party service providers that specialise in customer relationship management to assist us with customer surveys and feedback requests.

Our legal basis for processing

It is in our legitimate business interests to use the personal data you provide to us in your feedback for the purposes described above.

Prize draws, prize competitions and other promotions. For more information

From time to time, we may run prize draws, prize competitions and other promotions on our Sites, in our Stores and/or on our social media accounts. For the purposes of administering such draws, competitions and promotions, we may process your name, contact details (including email address, postal address and/or telephone number), social media handle (if relevant), payment details (if relevant) and any other personal data volunteered by you in your prize draw, competition or promotion entry.

Our prize draw, competition and promotions may be subject to separate terms and conditions which you may be required to accept as a condition of entry.

Who we share your personal data with for this purpose

We share personal data with specialist suppliers who assist us in administering our prize draws, prize competitions and other promotions.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the terms and conditions applicable to the promotion to which you may be asked to agree as a condition of entry) or it is in our legitimate interest to use your personal data to enable you to participate in any prize draws, prize competitions and other promotions.

Insight and Analysis. For more information

We analyse your contact details with other personal data that we observe about you from your interactions with our Sites, our email communications and/or with our Services, such as the products and services you have purchased or viewed, or from your use of our in-Store wifi.

Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal data from the device and software that you use to access the Sites. This includes the following:

  • an IP address to monitor Sites traffic and volume;
  • a session ID to track usage statistics on our Sites;
  • information regarding your personal or professional interests, demographics, buying habits, experiences with our products and contact preferences.

Our Sites (including our apps) and e-mails contain cookies, web beacons, and pixel tags (“Tags”). Tags allow us to track receipt of an e-mail to you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information. [Once you click on an e-mail that contains a Tag, your contact information may subsequently be cross-referenced to the source e-mail and/or] the relevant Tag.

In some of our e-mail messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.

Please see our Cookie Policy for further information

This information is used to create profiles and insights about our visitors’ browsing and shopping habits and the shopping habits of our other customers. Where we have your consent to do so, we will also use your location data for customer insight purposes.

By using this information, we are able to measure the effectiveness of our content and how visitors use our Sites and our Services. This allows us to learn what pages of our Sites are most attractive to our visitors, which parts of our Sites are the most interesting and what kind features and functionalities our visitors like to see.

We also use this information to help us with the selection of future product and service lines, websites design and to remember your preferences (such as garment size and whether you shop online or instore).

We also use this information for marketing purposes (please see the “ Marketing Activities” section below for further details).

Who we share your personal data with for this purpose

We share your personal data with a variety of third party service providers to assist us with customer insight analytics. Where these providers collect your personal data through the use of Tags, these providers are described in our Cookie Policy

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the information will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best products and services to you and our other customers.

Where we use Tags to obtain your personal data, we shall rely on your consent.

We will only use your location data for customer insight purposes where we have your consent to do so.

Refer a friend scheme. For more information

We operate a refer-a-friend programme (available here ). If you refer a friend to us, we will collect your name and email address. You will then be prompted to contact your friend via a number of channels, including email and social media, to provide a referral link, or you can provide your name or referral link to your friend directly.

Please only share a referral invitation with friends who you know would be happy to receive it.

If you are a friend that has received an email from someone inviting you to use Harvey Nichols, we will not receive any of your personal data unless and until you use our Site or our Services.

Who we share your personal data with for this purpose

Our refer-a-friend programme is operated by Mention Me, a third party service provider.

Our legal basis for processing

It is within our legitimate interests to use your personal data for this purpose. If you are a friend that has received an email from someone inviting you to use Harvey Nichols, we do not require a legal basis for this purpose as we will not receive any of your personal data unless and until you use our Site or our Services.

Marketing activities. For more information

We carry out the following marketing activities using your personal data:

o Postal marketing. For more information

We use your name and postal address to send you (or the organisation you represent) marketing communications by post. Our postal marketing communications will include press releases and information on the Services we provide, as well as general information about our organisation, our Sites, Stores, the Services we provide and the events and promotions we offer from time to time.

Our postal marketing will include personalised and non-personalised postal marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised postal marketing will feature services, events, offers and/or promotions that we think are most likely to appeal to you. Non-personalised marketing is marketing about our services, events, offers and/or promotions generally and is not tailored to any particular individual.

Where we are sending you personalised postal marketing, we also use information that we observe about you from your interactions with our Sites, with our email communications to you, with our Stores and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “ Insight and Analysis ” section above for more details about the personal data collected and how it is collected.

Who we share your personal data with for this purpose

We share your personal data with a variety of third party postal providers who assist us in delivering our postal marketing campaigns to you.

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details

Where your personal data is not in an anonymous form, such as your postal address, it is in our legitimate interest to use your personal data for postal marketing.

o Email and SMS/MMS marketing. For more information

We use your name and email address to send you (or the organisation you represent) marketing communications by email. We use your mobile telephone number to send you marketing communications by SMS/MMS. Our email and SMS/MMS marketing communications will include press releases and information on events and campaigns coming up, as well as general information about our organisation, our Sites, our Stores, the Services we provide and the events and promotions we offer from time to time. Members can also subscribe to receive special deal alerts by email.

Our email and SMS/MMS marketing will include personalised and non-personalised email marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised email marketing will feature services, events, offers and/or promotions that we think are most likely to appeal to you. Non-personalised marketing is marketing about our services, events, offers and/or promotions generally and is not tailored to any particular individual.

Where we send you personalised email or SMS/MMS marketing, we also use information that we observe about you from your interactions with our Sites, with our Stores and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Insight and Analysis ” section above for more details about the personal data collected and how it is collected.

Who we share your personal data with for this purpose

We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our email marketing communications and membership-related communications.

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.

We will only send you marketing communications via email where you have consented to receive such marketing communications, or where we have another lawful right to do so.

o Online personalised advertising. For more information

We use information that we observe about you from your interactions with our Sites, with our email communications to you and/or with our Services (see the Insight and Analysis section above for more details of the information collected and how it is collected) to provide you with personalised online advertising.

Who we share your personal data with for this purpose

We share your personal data with specialist suppliers, including third party media buying agencies, who assist us with the delivery of online personalised advertising campaigns. These suppliers include:

  • Google
  • Microsoft/Bing
  • Facebook
  • Snapchat
  • LinkedIn
  • Twitter
  • Trade Desk
  • Captify

Other suppliers that we use for this purpose are described in our Cookie Policy.

Our legal basis for processing

Where your personal data is truly anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see our Cookie Policy for further details

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.

o Social media remarketing. For more information

We use information that we observe about you from your interactions with our Sites, with our email communications to you and/or with our Services (see the Insight and Analysis section above for more details of the information collected and how it is collected) to provide you with personalised advertising on social media channels, including those operated by Facebook and/or Google, where you are a registered user of such services.

We do this using Facebook Custom Audiences and/or Google Audience Builder respectively Such activity is also subject to the privacy choices you have elected to make on such services.

Who we share your personal data with for this purpose

We share your email address with third party service providers who assist us with social media remarketing campaigns.

Your encrypted email address is also shared by us or our third party service providers with Facebook and/or Google under the terms of their Facebook Customer Audiences and/or Google Customer Match services respectively.

Our legal basis for processing

It is in our legitimate interests to use your email in an encrypted/‘hashed’ form and to share it with social media platforms for remarketing purposes.

o Social media insight. For more information

Where you are a registered user of Facebook, or of a Google service, we will use your email address in an encrypted format to enable Facebook and Google to find other registered users of their services that share similar interests to you based on:

- information that we observe about you from your interactions with our Sites, with our email communications to you and/or with our Services (see the Insight and Analysis section above for more details of the information collected and how it is collected); and

- the information Facebook and/or Google hold about you.

We do this using Facebook Lookalike Audiences and/or Google Similar Audience respectively. Such activity is subject to the privacy choices you have elected to make on such services.

Who we share your personal data with for this purpose

We share your email address with third party service providers who assist us with social media remarketing campaigns.

Your encrypted email address is also shared by us or our third party marketing consultancies with Facebook and/or Google under the terms of their Facebook Customer Audiences and/or Google Customer Match respectively.

Our legal basis for processing

It is in our legitimate business interests to use your email in an encrypted/‘hashed’ form and to share it with social media platforms for social media insight purposes.

Business administration and legal compliance. For more information

We use your personal data for the following business administration and legal compliance purposes:

  • to comply with our legal obligations;
  • to enforce our legal rights;
  • protect rights of third parties; and
  • in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

Who we share your personal data with for this purpose

We share personal data with professional services firms, such as auditors, insurers, lawyers and accountants, who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes in which we may become involved.

We may also share your personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Our legal basis for processing

Where we use your personal data in connection with a business transition, enforce our legal rights, or to protect the rights of third parties it is in our legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal data to comply with any legal obligations imposed upon us such as a court order.

Where we process your sensitive personal data, we shall obtain your explicit consent to do so, unless we have another lawful right to share your sensitive personal data, for example to protect your vital interests where you are incapable of giving consent, or where the sharing is otherwise necessary for purposes that are mandated by data protection law.

Any other purposes for which we wish to use your personal data that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details.

5 How we obtain your consent

Where our use of your personal data requires your consent, you can provide such consent:

  • at the time we collect your personal data following the instructions provided; or
  • by informing us using the contact details set out in the How to Contact Us section above.

6 Our use of cookies and similar technologies

Our Sites use certain cookies, web beacons, pixel tags, log files and other technologies. Please see our Cookie Policy to find out more about the cookies and other similar technologies we use and how to manage, block and delete them.

7 Third Party Links and Services

This Privacy Policy does not apply to your interaction with services provided by third parties.

Our website contains links to third party websites and services. For more information

When you use a link to go from our Sites to another website or you request a service from a third party, this Privacy Policy no longer applies. For more information

Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. For example, our website invites you to connect with us on social media platforms such as Facebook and Instagram. When you click on the links we provide to such platforms, you will be transferred from our website to the relevant platform and the privacy policy (and other terms and conditions) of that platform will apply to you.

We do not monitor, control or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit, or third party service provider that you use, in connection with your interaction with us and to contact them if you have any questions about their respective privacy policies and practices.

This Privacy Policy applies solely to personal data collected by us through our Sites, the supply of our Services and/or in connection with our business operations and does not apply to these third party websites and third party service providers.

When downloading the Rewards by Harvey Nichols app you will interact with a third party App Store. For more information

In order to download and install the app from an App Store (such as Google Play or the Apple AppStore), you must first register with the provider of the respective App Store for a user account and enter into that App Store’s user agreement. We have no influence on the terms of such user agreement and are not a party to such user agreement. When downloading and installing the app, certain information is transmitted to the respective provider of the App Store (e.g. Google or Apple) including your username, your email address and the customer number of your account, the time of download and the individual device code and, in the case of in-app purchases, your payment information. We have no influence on, and are not responsible for downloading and installing the app on your mobile device (e.g., your iPhone or Andorid).

8 Sharing personal data

We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

Please see the “What personal data we collect and how we use it ” section for specific examples of how we share your personal data. In addition to the examples in this section, we may also share your personal data with Group Companies in connection with the relevant purpose (please see the “About us” section for further information).

While we have made every effort to provide these examples, please note that these are non‑exhaustive and there may be circumstances where we need to share personal data with other third parties in order to operate our Sites and Stores and to provide our Services.

9 Transfers of personal data outside the European Economic Area (“EEA”)

Where necessary in order to operate our Sites and to otherwise deliver our Services, we transfer personal data to countries outside the EEA.

Non-EEA countries do not have the same data protection laws as the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and/or may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for your personal data.

We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws. For more information click here.

When transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:

Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see here.

Model clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see here.

EU-U.S. Privacy Shield: Where we have partners or suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see here.

Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the EEA.

10 How long do we keep your personal data for?

In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

In respect of any other personal data that we process, we will retain relevant personal data for up to three years from the date of our last interaction with you and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

We may retain your personal data for a longer period for the purpose of fraud prevention or to identify, issue or resolve legal claims and/or for proper record keeping purposes

11 Confidentiality and security of your personal data

We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration. For more information .

We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:

  • unauthorised access;
  • improper use or disclosure;
  • unauthorised modification; and
  • unlawful destruction or accidental loss.

All of our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our Services.

12 Personal data of children

We do not specifically target our Sites or our Services at children. However, due to the nature of our organisation and the Services we provide, we may from time to time collect and process personal data relating to individuals under the age of 18. Where we do so, we will comply with all applicable laws and regulations relating to the processing of personal data of minors. However, if you are under the age of 13, you must ask a parent or guardian for permission before using our Sites and our products and services. If you are a parent or guardian, please supervise your child’s use of our Sites and our Services.

13 How to access your information and your other rights?

You have the following rights in relation to the personal data we hold about you. If you would like to exercise any of these rights, please contact us using the details set out in How to contact us

Your right of access. For more information

If you ask us, we’ll confirm whether we’re processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.

Your right to rectification. For more information

If the personal data we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If we’ve shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

Your right to erasure. For more information

You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If we’ve shared your personal data with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

Your right to restrict processing. For more information

You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

Your right to data portability. For more information

You have the right, in certain circumstances, to obtain personal data you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Your right to object. For more information

You can ask us to stop processing your personal data, and we will do so, if we are:

  • relying on our own or someone else’s legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
  • processing your personal data for direct marketing.

Your rights in relation to automated decision-making and profiling. For more information

You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Your right to withdraw consent. For more information

If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.

Your right to lodge a complaint with the supervisory authority. For more information

If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal data, you can report it to the UK Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

14 Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time. For more information .

To ensure that you are always aware of how we use your personal data, we will update this Privacy Policy from time to time to reflect any changes or proposed changes to our use of your personal data. We may also make changes to comply with changes in applicable law or regulatory requirements.

We will notify you by e-mail of any significant changes to this Privacy Policy. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal data.

Password Reminder

Forgotten your password? Enter your email address below and we’ll send you a link to reset it.

* Required Field